Repost: a basic introduction to cryptography

Source: Internet
Author: User

[Cryptography 02] cryptographic system principles and mathematical background

The previous article in this [cryptography] series, on the four main topics, briefly introduced the technical means used to achieve confidentiality and integrity of transmitted information, as well as identity authentication and non-repudiation:

1) Cryptographic techniques (encryption and decryption).

2) Hashing, that is, hash functions.

3) Random numbers.

4) Timestamps.

Next we discuss cryptographic techniques.

A typical cryptosystem, showing where cryptographic techniques are applied, has the following elements:

Plaintext: P; ciphertext: C; encryption key: K1; decryption key: K2; encryption method: E; decryption method: D.

The relationship between encryption and decryption can be expressed in concise formulas:

C = E_K1(P) means that the plaintext P is encrypted with the encryption method E under the encryption key K1 to obtain the ciphertext C.

P = D_K2(C) means that the ciphertext C is decrypted with the decryption method D under the decryption key K2 to obtain the plaintext P.

Combining the two formulas gives D_K2(E_K1(P)) = P.

In fact, the cryptographic algorithms E and D are mathematical functions.

 

Cryptography has two basic principles:

1) The message must contain a certain degree of redundancy.

2) Measures must be taken to combat replay attacks.

In addition, cryptosystem design follows what is known as Kerckhoffs's principle:

"The cryptographic algorithm must be public and only the key must be kept confidential."

This principle embodies the idea that it does not matter if intruders know the cryptographic algorithm, because all of the secrecy resides in the key. Keeping the algorithm secret is unwise because cryptographic algorithms are difficult to design: once the workings of the algorithm leak, it has to be redesigned at great effort. The key, by contrast, can be changed at any time.

Every cryptographic algorithm has its own mathematical background and relies on a certain mathematical theory. The following is the mathematical basis for some common cryptographic algorithms:

1) Information Theory

Modern information theory, founded in 1948 by Claude Elwood Shannon, defines a precise mathematical model for secure cryptographic systems.

2) Complexity Theory

Complexity theory provides a method for analyzing the computational complexity of cryptographic algorithms. Comparing algorithms in this way makes it possible to judge how secure an algorithm is. The computational complexity of a cryptographic algorithm is usually measured with two variables: time complexity and space complexity.

3) Number Theory

Modular arithmetic, prime numbers, the greatest common divisor, modular inverses, Fermat's theorem, the Chinese remainder theorem and Galois field theory from number theory are the mathematical foundations of many cryptographic algorithms.

4) Factorization

Factoring a number means finding its prime factors. Factorization is the oldest problem in number theory. Factoring a number is very simple in principle, but it is a time-consuming process. Some classic factorization algorithms are the number field sieve, the quadratic sieve and the elliptic curve method.

5) Computing discrete logarithms in a finite field

Computing discrete logarithms is recognized as a hard problem in mathematics. It is closely related to factorization: if the discrete logarithm problem can be solved, the factorization problem can be solved.

[Cryptography 03] symmetric cryptographic algorithm

The previous article, [Cryptography 02] cryptographic system principles and mathematical background, mentioned cryptographic algorithms: each one is based on a corresponding mathematical theory. Over the history of cryptography a large number of excellent algorithms have been produced, and they are generally divided into two types: symmetric and asymmetric cryptographic algorithms.

A symmetric cryptographic algorithm is one in which the decryption key can be calculated from the encryption key. Expressed concisely as formulas:

E_K1(P) = C

D_K2(C) = P

E is the encryption algorithm, D is the decryption algorithm, P is the plaintext, C is the ciphertext, K1 is the encryption key and K2 is the decryption key. In a symmetric cryptographic algorithm, K2 can be calculated from K1, and K1 can also be calculated from K2. In most symmetric algorithms actually in use, K1 and K2 are the same, so the relationship between encryption and decryption becomes:

E_K(P) = C

D_K(C) = P

The key K is used for both encryption and decryption.

In other words, a symmetric cryptographic algorithm uses the same key to encrypt and to decrypt.

Common symmetric cryptographic algorithms include the following:

1) DES, the Data Encryption Standard. Developed by IBM in the 1970s. The key used by DES is expressed as 64 bits, but every eighth bit is used for parity, so for users the key length is 56 bits. DES divides a message into 64-bit blocks and encrypts one block at a time. If the last block is shorter than 64 bits, it has to be filled up to 64 bits according to some padding policy.

 

DES is no longer secure because the key is too short and because the key space contains weak keys. In 1977, two master cryptographers at Stanford University, Diffie and Hellman, designed a machine that, given a small piece of plaintext and the matching ciphertext, could compute the key within one day.

2) Triple DES, an enhanced version of DES. It uses the DES algorithm, but applies it three times: the encryption process is "encrypt-decrypt-encrypt", and the decryption process is "decrypt-encrypt-decrypt".

 

This can be expressed as:

E_K1(D_K2(E_K3(P))) = C // encryption

D_K1(E_K2(D_K3(C))) = P // decryption

Because the three steps use different keys, the key length is increased. In practice, K1 and K3 are the same, that is, the two outer operations use the same key for both encryptions (and both decryptions). The key length of Triple DES is then equivalent to the length of K1 + K2, that is, 112 bits (the key length of DES is 56 bits). The reason for adopting the "encrypt-decrypt-encrypt" arrangement is to maintain compatibility with DES: if K1 = K2 = K3, Triple DES is the same as DES, only with two extra steps.

Triple DES is only one variant of DES; other variants include DESX, crypt(3), GDES, RDES and snDES.

3) AES, the Advanced Encryption Standard. The Rijndael algorithm was invented by two Belgian cryptographers and entered in the open cryptography competition organized by NIST (the US National Institute of Standards and Technology) in 1997. It eventually became the encryption standard on the strength of its excellent technical characteristics. The Galois field theory mentioned in the previous article is the mathematical basis of AES. AES also encrypts data in blocks, but the block length is not fixed at 64 bits as in DES. The key length of Rijndael can range from 128 bits to 256 bits in steps of 32 bits.

The Rijndael algorithm is completely open, secure and extremely fast. To find a 128-bit key by brute force, even a computer containing 100 billion processors, each testing 10 billion keys per second, would need 10 billion years to search the complete key space.

4) Other symmetric cryptographic algorithms: IDEA, Lucifer, Madryga, NewDES, FEAL, REDOC, LOKI, RC2, MMB, GOST, CAST, Blowfish, SAFER, 3-Way, RC5 and so on; there are too many to list. IDEA is short for International Data Encryption Algorithm. Its designers are Dr. James Massey and Dr. Xuejia Lai. Xuejia Lai is a Swiss Chinese, born in 1954, who graduated with a master's degree from Xi'an Electronics Science and Technology University. James Massey was Xuejia Lai's mentor.

The IDEA algorithm is more secure than DES (similar to AES) and can resist differential cryptanalysis, whereas DES cannot. IDEA is also faster than DES: its data encryption speed can reach 177 Mb/s, which is similar to AES.

[Cryptography 04] asymmetric cryptographic algorithms

The previous article, [Cryptography 03] symmetric cryptographic algorithm, introduced symmetric cryptographic algorithms. Their main feature is that the encryption key and the decryption key can be calculated from each other; in practice, most symmetric algorithms use the same key for both. Because of this, once the person encrypting has chosen a key, they must find a way to get that key to the person decrypting while taking care not to disclose it. This contradiction is inherent in symmetric cryptography. How can it be solved?

As mentioned earlier, the two master cryptographers Diffie and Hellman proposed a new kind of cryptographic system in 1976: the asymmetric cryptographic algorithm. Its features are described below.

Unlike symmetric algorithms, asymmetric cryptographic algorithms use different encryption and decryption keys, and it is extremely difficult to calculate the decryption key from the encryption key. In short, asymmetric cryptographic algorithms have the following features:

1) E_K1(P) = C // E: encryption algorithm, K1: encryption key, P: plaintext, C: ciphertext; the same below.

D_K2(C) = P // D: decryption algorithm, K2: decryption key.

From these two formulas it follows that:

D_K2(E_K1(P)) = P

2) It is extremely difficult to derive K2 from K1. If the key is long enough, no creature in the galaxy can easily derive K2 from K1, or K1 from K2.

3) Some excellent asymmetric cryptographic algorithms also have the following feature, though not all do:

E_K1(D_K2(P)) = P

That is, the encryption function E and the decryption function D are inverses of each other: the decryption function can be used as an encryption function, and the encryption function can be used as a decryption function. This feature is fascinating.

With the first two features, the encryption key can be made public with confidence. Suppose Alice uses an asymmetric cryptographic algorithm to send a secret message to Bob. What does the process look like? First, Bob generates a pair of keys, BK1 and BK2. He can pick either one, say BK1, and publish it to everyone, including Alice. He keeps BK2 to himself and lets nobody else know it. Once Alice has Bob's public key BK1, she encrypts the plaintext P with BK1 to obtain the ciphertext C and transmits it to Bob. She does not need to worry that others can decrypt the message, because only BK2 can decrypt messages encrypted with BK1, and BK2 is known only to Bob. It is almost impossible to calculate BK2 from BK1. Bob receives the message and decrypts it with his private key BK2 to obtain the plaintext. Conversely, when Bob wants to send a message to Alice, Alice generates her own pair of keys AK1 and AK2, and the same process is followed.

Because the encryption key of an asymmetric cryptographic algorithm can be published, these algorithms are also called public-key cryptographic algorithms, or public-key algorithms for short. The public-key algorithm is indeed a very elegant solution to the contradiction between keeping a key confidential and disclosing it. Below are some common public-key algorithms.

1) RSA, named after the initials of three master cryptographers, Rivest, Shamir and Adleman, was published at MIT in 1978. RSA is the best public-key algorithm. It satisfies all three features mentioned above. The mathematical basis of RSA is the factorization problem mentioned in [Cryptography 02] cryptographic system principles and mathematical background. RSA has withstood a large number of attacks by cryptanalysts over the past 30 years. Although cryptanalysts cannot prove that RSA is secure, neither can they prove that it is insecure. RSA has been widely used and has made a great contribution to information security across the global village, especially the security of e-commerce.

2) El Gamal: the mathematical basis of this algorithm is the difficulty of computing discrete logarithms in a finite field, as mentioned in [Cryptography 02] cryptographic system principles and mathematical background. El Gamal is also an excellent public-key algorithm.

3) There are many other public-key algorithms, such as the knapsack algorithm, the Rabin algorithm, the Pohlig-Hellman algorithm, the McEliece algorithm, elliptic-curve-based algorithms and the LUC algorithm.

Tanenbaum's "Computer Networks" (4th edition) tells an interesting story about the knapsack algorithm. Its designer, Merkle, offered a reward of $100 for breaking the algorithm. The S in RSA, that is, Shamir, quickly broke it and collected the reward. Merkle strengthened the algorithm and again offered a reward for breaking it, this time increased to $1000. The R in RSA, that is, Rivest, quickly broke it and collected the reward. After that Merkle offered no further reward, so the remaining member of the RSA trio, the A, that is, Adleman, never got the $10000 that might have been expected. The story shows that the golden trio of RSA really is formidable in the field of information security.

Public-key algorithms are very elegant, but almost all of them share one problem: they are too slow. RSA runs at about one thousandth of the speed of DES, and the longer the key, the slower it gets. In practice, cryptographic systems therefore combine a public-key algorithm with a symmetric algorithm.
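The following is an added example, not code from the original article, of the Alice-to-Bob exchange combined with a symmetric cipher as described above: Bob's public key BK1 wraps a random session key and the session key encrypts the message. It assumes textbook RSA without padding over two small fixed primes and a SHA-256 counter keystream as a stand-in symmetric cipher; all function names are hypothetical and none of it is suitable for real use.

```python
import hashlib
import secrets

# Two known Mersenne primes: far too small for real keys, chosen so the
# demo is reproducible without a prime generator (constructed parameters).
P, Q = 2**61 - 1, 2**89 - 1
E = 65537


def rsa_keypair(p=P, q=Q, e=E):
    """Return (BK1, BK2): the public and private key as (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """Textbook RSA: the same modular exponentiation serves as E and as D."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def alice_send(bob_public, plaintext, session_key=None):
    """Alice: slow public-key step on 16 bytes only, fast cipher on the data."""
    k = session_key or secrets.token_bytes(16)
    wrapped = rsa_apply(bob_public, int.from_bytes(k, "big"))
    return wrapped, keystream_xor(k, plaintext)


def bob_receive(bob_private, wrapped, ciphertext):
    """Bob: recover the session key with BK2, then decrypt the message."""
    k = rsa_apply(bob_private, wrapped).to_bytes(16, "big")
    return keystream_xor(k, ciphertext)


if __name__ == "__main__":
    bk1, bk2 = rsa_keypair()
    wrapped, ct = alice_send(bk1, b"year-end bonus table")
    print(bob_receive(bk2, wrapped, ct))
    # Feature 3: applying D first and E second also returns the input.
    print(rsa_apply(bk1, rsa_apply(bk2, 123456789)) == 123456789)
```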

[Cryptography 05] encryption mode

Most cryptographic algorithms cut the plaintext into multiple blocks of fixed length and encrypt the data block by block rather than byte by byte. Whatever the algorithm, when the same plaintext block goes in at the front, the same ciphertext block comes out at the back. Intruders can exploit this property to help break the cryptosystem. Here is an example.

The following table lists the year-end bonuses of three people.

Name     Bonus
Alice    8000
Bob      12000
Trudy    3000

The boss has the secretary put the table together, and the secretary encrypts it and submits it to the finance department. To describe the problem clearly, assume that every field in this table is 64 bits long and that the encryption block used by the secretary is also 64 bits long. The encrypted result may look like the following:

As9d8912h3a98q 9 sdjkvni

9d89821as89982mhslkp [ANM

09djhasdfqwer78sdfhd, ZX

0812utweq23] [; [] x/; \ dskg5 P

78723g/CC; D; lfsdf/; lxpash

//,; Isofiweriioc7kjjkjdfnsan

Suppose Trudy can get at the ciphertext before the secretary sends it. Although Trudy cannot read the contents of the table, she learned enough when the secretary complained about having to fix every field of this two-column table at 64 bits. She knew that she had quarrelled with her boss and that her bonus was certainly not high, so she rearranged the ciphertext blocks as follows:

As9d8912h3a98q 9 sdjkvni

0812utweq23] [; [] x/; \ dskg5 P

09djhasdfqwer78sdfhd, ZX

//,; Isofiweriioc7kjjkjdfnsan

78723g/CC; D; lfsdf/; lxpash

9d89821as89982mhslkp [ANM

The order of the ciphertext blocks is the only thing that has changed, so the finance department cannot detect anything abnormal when it decrypts the message. Although Trudy still does not know the amounts, she can be confident that her bonus will be higher than before.

To combat this problem, we need to adopt an encryption mode. The ciphertext blocks must be linked to one another so that any abnormal change in the ciphertext invalidates the entire ciphertext. The following are common encryption modes.

1) Electronic codebook mode: ECB. This needs no further introduction: it is the problematic mode described above, in which each plaintext block maps to its own ciphertext block, independent of all the others. Despite the problem, it is still a mode.

2) Cipher block chaining mode: CBC. Before encryption, each plaintext block is combined with the ciphertext of the previous block by a bitwise XOR operation. This ensures that even if the plaintext contains many identical blocks, each of them is encrypted into a different ciphertext block. The initialization vector is combined with the first plaintext block by bitwise XOR before that block is encrypted. If one bit of a ciphertext block is in error, the corresponding plaintext block will also be in error. In addition, the bit in the following block at the same position as the original erroneous bit will also be in error.

3) Cipher feedback mode: CFB. It processes the plaintext into ciphertext in small increments instead of a whole block at a time. This mode uses a shift register that is one block long and is divided into several sections. For example, if the block size is 8 bytes and one byte is processed each time, the shift register is divided into eight sections. If one bit of the ciphertext is in error, one plaintext bit is in error and the shift register is corrupted. This causes errors in the next several plaintext increments until the erroneous bit has been shifted out of the shift register.

4) Output feedback mode: OFB. It processes the plaintext into ciphertext in small increments instead of a whole block at a time. This mode is similar to CFB; the only difference between the two is the way the shift register is filled. If one bit of the ciphertext is in error, the corresponding bit of the plaintext will also be in error. However, if bits are added to or missing from the ciphertext, all of the plaintext after that point will be wrong.

5) Stream cipher mode. Encrypt an initial vector with the key to generate an output block, then encrypt that output block with the same key to obtain the second output block, encrypt that one with the same key to obtain the third output block, and so on. The sequence of all these blocks is called the keystream. The keystream is XORed block by block with the plaintext, and the result is the ciphertext.

6) Counter mode. Encrypt an initial vector with the key to generate an output block. Then add 1 to the initial vector and encrypt it with the same key to obtain the second output block, and so on. The sequence of output blocks is again a keystream. The keystream is XORed block by block with the plaintext, and the result is the ciphertext.

7) Ciphertext stealing mode: CTS. It processes plaintext of any length and generates ciphertext whose length matches the plaintext length. Except for the last two plaintext blocks, this mode behaves the same as CBC mode.
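The bonus-table example and the ECB and CBC descriptions above, as an added example that is not part of the original article: the same block reordering is applied to an ECB ciphertext and to a CBC ciphertext. The block cipher is a toy 64-bit Feistel construction built for this demo (an assumption, not DES), and the key, IV and function names are constructed.

```python
import hashlib

BLOCK = 8  # 64-bit blocks and fields, as in the bonus-table example


def _f(key, i, half):
    # Round function of a toy Feistel cipher (constructed for this demo).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, blk):
    left, right = blk[:4], blk[4:]
    for i in range(8):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right


def decrypt_block(key, blk):
    left, right = blk[:4], blk[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right


def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    return b"".join(encrypt_block(key, b) for b in split(pt))


def ecb_decrypt(key, ct):
    return b"".join(decrypt_block(key, b) for b in split(ct))


def cbc_encrypt(key, iv, pt):
    prev, out = iv, []
    for b in split(pt):
        prev = encrypt_block(key, _xor(b, prev))  # XOR with previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for b in split(ct):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)


def reorder(ct, order):
    blocks = split(ct)
    return b"".join(blocks[i] for i in order)


# Constructed sample data: the table from the text, one 8-byte field per block.
FIELDS = [b"Alice", b"8000", b"Bob", b"12000", b"Trudy", b"3000"]
TABLE = b"".join(f.ljust(BLOCK) for f in FIELDS)
KEY, IV = b"constructed demo key", bytes(range(BLOCK))
ORDER = [0, 3, 2, 5, 4, 1]  # block order of the second ciphertext listing


def tampered_fields():
    """Decrypt the reordered ciphertext under each mode; return both field lists."""
    ecb = ecb_decrypt(KEY, reorder(ecb_encrypt(KEY, TABLE), ORDER))
    cbc = cbc_decrypt(KEY, IV, reorder(cbc_encrypt(KEY, IV, TABLE), ORDER))
    return [b.rstrip() for b in split(ecb)], [b.rstrip() for b in split(cbc)]


if __name__ == "__main__":
    ecb, cbc = tampered_fields()
    print("ECB:", ecb)  # a well-formed table with the amounts moved
    print("CBC:", cbc)  # only the first block survives; the rest is noise
```

Under CBC the reordered blocks decrypt to noise, but the receiver still has to notice that; a message authentication code over the ciphertext turns the change into an explicit rejection.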

[Cryptography 06] data block filling mode

Most cryptographic algorithms are block ciphers: the plaintext message has to be cut into fixed-size blocks that are encrypted one by one. For example, DES cuts messages into 64-bit blocks. If the message length is not an integer multiple of 64 bits, the last block is shorter than 64 bits and must be padded. Padding itself is very simple. The problem is that there are many feasible padding methods: if the data is padded in a certain way during encryption, the decrypting side must know that method and remove the padding after decryption, otherwise the decrypted data may be dirty.

Some encryption standards specify particular padding schemes. The following describes how these schemes work.

Assume that the block length is 8 bytes and the plaintext to be encrypted is 9 bytes long. The message is split into two blocks; the second block contains only one byte and needs seven bytes of padding. Assume that the 9-byte plaintext is as follows:

F1 F2 F3 F4 F5 F6 F7 F8 F9

The following are four common padding methods:

1) Zeros padding: fill with bytes that are all 0. The result is as follows:

F1 F2 F3 F4 F5 F6 F7 F8 // the first block
F9 00 00 00 00 00 00 00 // the second block

2) X923 padding: fill with a sequence of 0 bytes, with the last byte recording the total number of padding bytes. The result is as follows:

F1 F2 F3 F4 F5 F6 F7 F8 // the first block
F9 00 00 00 00 00 00 07 // the second block

3) PKCS7 padding: every padding byte records the total number of padding bytes. The result is as follows:

F1 F2 F3 F4 F5 F6 F7 F8 // the first block
F9 07 07 07 07 07 07 07 // the second block

4) ISO10126 padding: fill with a sequence of random bytes, with the last byte recording the total number of padding bytes. The result is as follows:

F1 F2 F3 F4 F5 F6 F7 F8 // the first block
F9 7d 2a 75 EF F8 EF 07 // the second block
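The four padding methods above with their matching removal step, as an added example that is not part of the original article. It uses the article's 9-byte message and 8-byte block; the function names are hypothetical, and adding no zero padding to an already aligned message is a choice made here.

```python
import os

BLOCK = 8  # block length in bytes, as in the example above


def pad(data, scheme, block=BLOCK):
    n = block - len(data) % block            # 1..block bytes of padding
    if scheme == "zeros":
        return data + bytes(n % block)       # aligned input gets no padding
    if scheme == "x923":
        return data + bytes(n - 1) + bytes([n])
    if scheme == "pkcs7":
        return data + bytes([n]) * n
    if scheme == "iso10126":
        return data + os.urandom(n - 1) + bytes([n])
    raise ValueError("unknown scheme: " + scheme)


def unpad(data, scheme, block=BLOCK):
    if not data or len(data) % block:
        raise ValueError("length is not a multiple of the block size")
    if scheme == "zeros":
        # Ambiguous: genuine trailing 00 bytes of the message are lost too.
        return data.rstrip(b"\x00")
    if scheme not in ("x923", "pkcs7", "iso10126"):
        raise ValueError("unknown scheme: " + scheme)
    n = data[-1]                             # last byte records the count
    if not 1 <= n <= block:
        raise ValueError("bad padding length byte")
    filler = data[-n:-1]                     # padding bytes before the count
    if scheme == "x923" and filler != bytes(n - 1):
        raise ValueError("X923 filler must be zero bytes")
    if scheme == "pkcs7" and filler != bytes([n]) * (n - 1):
        raise ValueError("PKCS7 filler must repeat the count")
    return data[:-n]                         # ISO10126 filler is random


MESSAGE = bytes.fromhex("F1F2F3F4F5F6F7F8F9")  # the article's 9-byte plaintext

if __name__ == "__main__":
    for scheme in ("zeros", "x923", "pkcs7", "iso10126"):
        padded = pad(MESSAGE, scheme)
        print(scheme.ljust(8), padded[BLOCK:].hex(" ").upper(),
              unpad(padded, scheme) == MESSAGE)
```

Unpadding with the wrong scheme either raises an error or silently returns dirty data, which is the failure the article warns about.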
